A concern I have about using PA's password generator is that the passwords created are so secure (random) that if I was ever away from (or lost) my computer and PA, there is just no chance whatsoever that I would be able to get into a secured web site.

On the other hand, making up passwords I will remember out of common words found in dictionaries is not such a good idea either.

Here is a suggestion for a middle ground that I think would make a nice option for PA's password generator.

Passwords like 7h*W0r1@rB00 or 1!7m!5Muf5A7@na7uF may not be as secure as 3dbtNj&Ui"R% generated by PA's password generator, but they actually make sense to me, so I stand a chance of reconstructing the password if I am away from PA.

If I can remember "the worlds largest bookstore" in relation to Amazon and the algorithm to generate the password, I can recreate the password without PA if needed and so stand a chance of getting into my (fictitious) Amazon account.

With a little better imagination than using a well known marketing phrase, I think this sort of password can be reasonably secure but re-creatable in case of need at the same time.

Would you consider adding this as a special template for PA's password generator?

-Glen

3 Latest Replies (Newest First)

Ahto/Moon Software

Posted - 26 March 2003 : 23:15:35

Thanks Glen! I started to think that if the formula is known (e.g. the same formula is used over and over), smart people may guess passwords. If they guess your key phrase, then they can potentially construct the password. And the key phrase is usually something simple that is easy to remember later, like "the worlds largest bookstore" in your sample?

gihrig

Posted - 26 March 2003 : 22:20:50

Ahto,

Here's the detailed breakdown on the process of creating a memorable password from a key phrase:

I'll use the (too obvious) key phrase "The Worlds Largest Bookstore" as an example for generating a password for a fictitious Amazon account.

1. The key phrase is forced to lower case:
-- The Worlds Largest Bookstore
becomes:
-- the worlds largest bookstore

2. Take the first three characters from each word, words having less than three characters are appended to the following word until a string of more than three characters results.

So,
-- the worlds largest bookstore
becomes:
-- the wor lar boo

3. Strip all spaces out of the phrase.
-- the wor lar boo
becomes:
-- theworlarboo

I'm sure more similar characters exist, the idea here is to add a few random characters without detracting too much from the readability of the password, or getting overly complex.

So,
-- theworlarboo
becomes:
-- 7h*w0r1@rb00

5. Now just to mix things up a little more, add a few upper case letters. I have changed the remaining letters to upper case according to a formula of skipping letters in a 1, 2, 3 sequence. That is,
-- skip one letter, then capitalize the one following
-- skip two letters, then capitalize the one following
-- skip three letters, then capitalize the one following

A simpler scheme of capitalizing only the even numbered letters (every other one) could also be used, I just wanted to make it look a little more random.

I would be interested in hearing any ideas on how secure this scheme might (or might not) be. Certainly the password is extremely difficult to crack from a purely brute force attempt, but will humans be likely to compromise the potential security by tending to select from only a few common phrases?

-Glen
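The steps in the post above, written out as an added example that is not part of the original post or of PA. The substitution table for step 4 is missing from the page, so the one used here is an assumption inferred from the post's worked example; the function names, the reading of the short-word rule, the 94-character alphabet and the phrase-list size are likewise assumptions.

```python
import math

# Step 4 table is ASSUMED: the thread's own table did not survive on this page.
# These pairs are inferred from its worked example theworlarboo -> 7h*w0r1@rb00.
ASSUMED_SUBSTITUTIONS = {"t": "7", "e": "*", "o": "0", "l": "1", "a": "@"}


def abbreviate(phrase):
    """Steps 1-3: lower-case, keep three characters per word, drop spaces."""
    chunks, pending = [], ""
    for word in phrase.lower().split():
        pending += word                 # a short word merges into the next one
        if len(pending) >= 3:
            chunks.append(pending[:3])
            pending = ""
    return "".join(chunks) + pending    # a trailing short word is kept as-is


def substitute(text, table=ASSUMED_SUBSTITUTIONS):
    """Step 4: swap letters for look-alike characters."""
    return "".join(table.get(ch, ch) for ch in text)


def capitalize_skipping(text):
    """Step 5: over the remaining letters, skip 1 and capitalize the next,
    then skip 2 and capitalize the next, then skip 3, and so on."""
    out, skip, to_skip = [], 1, 1
    for ch in text:
        if ch.isalpha():
            if to_skip == 0:
                ch = ch.upper()
                skip += 1
                to_skip = skip
            else:
                to_skip -= 1
        out.append(ch)
    return "".join(out)


def derive(phrase):
    return capitalize_skipping(substitute(abbreviate(phrase)))


def random_bits(length, alphabet_size=94):   # 94 printable ASCII: assumed
    return length * math.log2(alphabet_size)


def phrase_bits(candidate_phrases):          # size of a guesser's phrase list
    return math.log2(candidate_phrases)


if __name__ == "__main__":
    print(derive("The Worlds Largest Bookstore"))
    print(round(random_bits(12), 1), round(phrase_bits(1_000_000), 1))
```

Because the transform is deterministic, once the formula is known the password is only as strong as the choice of phrase (`phrase_bits`), not as strong as its 12 characters suggest (`random_bits`). The abbreviation also discards information, so different phrases such as "the world largest book" yield the same password.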

Ahto/Moon Software

Posted - 20 March 2003 : 13:09:48

Good idea! Not sure how many people will end up using it, but the idea itself is cool!

How to design it into the password generator? Seems one more field needs to be added, where one can write his "key phrase". Writing it into the template field probably is not a good idea. I think the way to go is to add another tab to the password generator. The old remains "Random" and the new is titled something like "Key phrase". Should the key phrase be saved in the data file, so it will appear in the password generator next time it is opened? Probably.

You can e-mail me (or post it here so maybe someone has something to add) your proposed formula for replacing characters. Seems you have already done some homework on it.